@@ -11,49 +11,49 @@ import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource
1111
1212@Configuration
1313@EnableConfigurationProperties(
14- CorsConfigurationProperties ::class ,
15- KeyCloakConfigurationProperties ::class
14+ CorsConfigurationProperties ::class ,
15+ KeyCloakConfigurationProperties ::class
1616)
1717class SecurityConfig (
18- private val corsProperties : CorsConfigurationProperties ,
19- private val keycloakProperties : KeyCloakConfigurationProperties
18+ private val corsProperties : CorsConfigurationProperties ,
19+ private val keycloakProperties : KeyCloakConfigurationProperties
2020) {
2121 @Bean
2222 fun securityWebFilterChain (http : ServerHttpSecurity ): SecurityWebFilterChain {
2323 http
24- .authorizeExchange { exchanges ->
25- exchanges
26- .pathMatchers(
27- " /actuator/**" ,
28- " /webjars/swagger-ui/**" ,
29- " /v3/api-docs/**"
30- )
31- .permitAll()
32- .anyExchange()
33- .authenticated()
24+ .authorizeExchange { exchanges ->
25+ exchanges
26+ .pathMatchers(
27+ " /actuator/**" ,
28+ " /webjars/swagger-ui/**" ,
29+ " /v3/api-docs/**"
30+ )
31+ .permitAll()
32+ .anyExchange()
33+ .authenticated()
34+ }
35+ .oauth2ResourceServer { oauth2 ->
36+ oauth2.opaqueToken { opaque ->
37+ opaque.introspectionUri(keycloakProperties.introspectUrl)
38+ .introspectionClientCredentials(
39+ keycloakProperties.clientId,
40+ keycloakProperties.clientSecret
41+ )
3442 }
35- .oauth2ResourceServer { oauth2 ->
36- oauth2.opaqueToken { opaque ->
37- opaque.introspectionUri(keycloakProperties.introspectUrl)
38- .introspectionClientCredentials(
39- keycloakProperties.clientId,
40- keycloakProperties.clientSecret
41- )
42- }
43- }
44- .csrf { csrf -> csrf.disable() }
45- .cors { cors -> cors.configurationSource(corsConfigurationSource()) }
43+ }
44+ .csrf { csrf -> csrf.disable() }
45+ .cors { cors -> cors.configurationSource(corsConfigurationSource()) }
4646 return http.build()
4747 }
4848
4949 internal fun corsConfigurationSource (): CorsConfigurationSource {
5050 val config =
51- CorsConfiguration ().apply {
52- allowCredentials = true
53- allowedOrigins = corsProperties.allowedOrigins
54- allowedHeaders = listOf (" *" )
55- allowedMethods = listOf (" GET" , " POST" , " PUT" , " DELETE" , " OPTIONS" )
56- }
51+ CorsConfiguration ().apply {
52+ allowCredentials = true
53+ allowedOrigins = corsProperties.allowedOrigins
54+ allowedHeaders = listOf (" *" )
55+ allowedMethods = listOf (" GET" , " POST" , " PUT" , " DELETE" , " OPTIONS" )
56+ }
5757
5858 return UrlBasedCorsConfigurationSource ().apply { registerCorsConfiguration(" /**" , config) }
5959 }
0 commit comments